Zyxel will release patches for products affected by the Dnsmasq vulnerabilities reported by CERT/CC. Users are advised to install the applicable firmware updates or follow the best practices for optimal protection.
What is the vulnerability?
Dnsmasq, open-source software that provides DNS forwarding and caching, has two sets of vulnerabilities, as listed below. Dubbed as DNSpooq, these vulnerabilities could allow an attacker to corrupt memory on the target device and perform cache poisoning attacks against the target environment.
What versions are vulnerable—and what should you do?
After a thorough investigation, we’ve identified products that make use of the Dnsmasq software and confirmed that these products are only affected by the DNS response validation vulnerabilities with medium severity. We’ll include the solution in the affected products’ next regular firmware releases to address the issues, as shown in the table below. For optimal protection, we urge users to install the applicable updates when they become available or follow CERT/CC’s best practices when protecting DNS infrastructure before the firmware updates become available:
Please note that the table does NOT include customized models for internet service providers (ISPs). For ISP customers, please contact your Zyxel representative for further details. For end-users who received your Zyxel device from an ISP, we recommend you reach out to the ISP support team directly, as the device may have custom-built settings.
For end-users who purchased the Zyxel devices on your own, please contact your local Zyxel support team or visit our forum if you require further assistance.
|Affected series/models||Patch available in|
|AX7501-B0||V5.15(ABPC.1)C0 in June 2021|
|DX5510-B0||V5.17(ABVV.1)C0 in Dec 2021|
|EMG3525-T50B||V5.50(ABPM.6)C0 in June 2021|
|EMG5523-T50B||V5.50(ABPM.6)C0 in June 2021|
|EMG5723-T50K||V5.50(ABOM.7)C0 in June 2021|
|EMG6726-B10A||V5.13(ABNP.7)C0 in Dec 2021|
|EX3510-B0||V5.17(ABUP.4)C0 in Dec 2021|
|EX5501-B0||V5.15(ABRY.2)C0 in June 2021|
|EX5510-B0||V5.17(ABQX.4)C0 in Dec 2021|
|VMG1312-T20B||V5.50(ABSB.5)C0 in June 2021|
|VMG3625-T50B||V5.50(ABPM.6)C0 in June 2021|
|VMG3927-B50A_B60A||V5.15(ABMT.7)C0 in June 2021|
|VMG3927-B50B||V5.13(ABLY.7)C0 in Dec 2021|
|VMG3927-T50K||V5.50(ABOM.7)C0 in June 2021|
|VMG4005-B50B||V5.13(ABRL.5)C0 in Dec 2021|
|VMG4927-B50A||V5.13(ABLY.7)C0 in Dec 2021|
|VMG8623-T50B||V5.50(ABPM.6)C0 in June 2021|
|VMG8825-B50A_B60A||V5.15(ABMT.7)C0 in June 2021|
|VMG8825-Bx0B||V5.15(ABNY.7)C0 in June 2021|
|VMG8825-T50K||V5.50(ABOM.7)C0 in June 2021|
|XMG3927-B50A||V5.15(ABMT.7)C0 in June 2021|
|XMG8825-B50A||V5.15(ABMT.7)C0 in June 2021|
|PMG2005-T20D||V1.00(ABWX.1)C0 in Q2 2021|
|PMG5317-T20B||V5.40(ABKI.4)C0 in Q2 2021|
|PMG5617GA||V5.40(ABNA.2)C0 in Q2 2021|
|PMG5622GA||V5.40(ABNB.2)C0 in Q2 2021|
|LTE1566||V1.00(ABUD.3)C0 in Dec 2021|
|LTE2566||V1.00(ABTW.3)C0 in Dec 2021|
|LTE3202||V1.00(ABVM.3)C0 in Dec 2021|
|LTE3301||V1.00(ABLG.5)C0 in Dec 2021|
|LTE3301Plus||V1.00(ABQU4)C0 in Sep 2021|
|LTE3302||V1.00(ABLM.5)C0 in Dec 2021|
|LTE3316||V1.00(ABMP.5)C0 in Dec 2021|
|LTE3316v2||V2.00(ABMP.5)C0 in Dec 2021|
|LTE5366||V1.00(ABKA.2)C0 in Dec 2021|
|LTE7240||V2.00(ABMG.4)C0 in Dec 2021|
|LTE7460||V1.00(ABFR.6)C0 in Dec 2021|
|LTE7461||V2.00(ABQN.3)C0 in Sep 2021|
|LTE7480||V1.00(ABRA.3)C0 in Sep 2021|
|LTE7485||V1.00(ABVN.4)C0 in Sep 2021|
|LTE7490||V1.00(ABQY.3)C0 in Sep 2021|
|WAH7601||V1.00(ABRH.3)C0 in Dec 2021|
|WAH7608||V1.00(ABKW.2)C0 in Dec 2021|
|WAH7706||V1.00(ABBC.12)C0 in Dec 2021|
|NBG6515||V1.00(AAXS.8)C0 in Dec 2021|
|NBG6604||V1.00(ABIR.6)C0 in Dec 2021|
|NBG6615||V1.00(ABMV.5)C0 in Dec 2021|
|NBG6817||V1.00(ABCS.11)C0 in Sep 2021|
|NBG6818||V1.00(ABSC.5)C0 in Sep 2021|
|NBG7815||V1.00(ABSK.6)C0 in Sep 2021|
|WSQ50||V2.20(ABKJ.5)C0 in Mar 2021|
|WSQ60||V2.20(ABND.6)C0 in Sep 2021|
|WSR30||V1.00(ABMY.12)C0 in Sep 2021|
|Unified Pro series||V6.20 in Mar 2021|
|Unified series||V6.20 in Mar 2021|
|Standalone series||V6.20 in Mar 2021|
|Cloud-managed series||V6.20 in Mar 2021|
|VPN2S||Hotfix available upon request*|
*Please reach out to your local Zyxel support team for the file.
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact firstname.lastname@example.org and we’ll get right back to you.
Thanks to CERT/CC for reporting the issue to us.
2021-1-21: Initial release
2021-2-1: Updated the WSQ50 firmware schedule and removed NBG418v2 as it’s not affected
2021-2-24: Updated the patch plan for LTE models